packages/shade-core/src/storage.ts

import type { IdentityKeyPair, SignedPreKey, OneTimePreKey, SessionState } from './types.js';

/**
 * StorageProvider — abstract interface for persisting cryptographic state.
 *
 * Implementations per platform:
 *  - In-memory (testing)
 *  - IndexedDB (browser)
 *  - SQLite/PostgreSQL (server)
 *  - EncryptedSharedPreferences (Android)
 */
export interface StorageProvider {
  // ─── Identity ──────────────────────────────────────────────

  /** Get our local identity keypair, or null if not yet generated */
  getIdentityKeyPair(): Promise<IdentityKeyPair | null>;

  /** Persist our local identity keypair */
  saveIdentityKeyPair(keyPair: IdentityKeyPair): Promise<void>;

  /** Get our local registration ID (unique per installation) */
  getLocalRegistrationId(): Promise<number>;

  /** Save our local registration ID */
  saveLocalRegistrationId(id: number): Promise<void>;

  // ─── Signed Pre-Keys ──────────────────────────────────────

  /** Get a signed prekey by ID */
  getSignedPreKey(keyId: number): Promise<SignedPreKey | null>;

  /** Persist a signed prekey */
  saveSignedPreKey(key: SignedPreKey): Promise<void>;

  /** Remove a signed prekey (after rotation grace period) */
  removeSignedPreKey(keyId: number): Promise<void>;

  // ─── One-Time Pre-Keys ────────────────────────────────────

  /** Get a one-time prekey by ID */
  getOneTimePreKey(keyId: number): Promise<OneTimePreKey | null>;

  /** Persist a one-time prekey */
  saveOneTimePreKey(key: OneTimePreKey): Promise<void>;

  /** Remove a consumed one-time prekey */
  removeOneTimePreKey(keyId: number): Promise<void>;

  /** Count remaining one-time prekeys */
  getOneTimePreKeyCount(): Promise<number>;

  // ─── Sessions ─────────────────────────────────────────────

  /** Get session state for a peer address (e.g. "device:abc123") */
  getSession(address: string): Promise<SessionState | null>;

  /** Persist session state for a peer */
  saveSession(address: string, state: SessionState): Promise<void>;

  /** Remove session for a peer */
  removeSession(address: string): Promise<void>;

  /** Check if we trust a remote identity key (for TOFU or pinned keys) */
  isTrustedIdentity(address: string, identityKey: Uint8Array): Promise<boolean>;

  /** Save a trusted remote identity key */
  saveTrustedIdentity(address: string, identityKey: Uint8Array): Promise<void>;
}
feat: Shade E2EE library — M1-M3 complete Signal Protocol implementation with full X3DH + Double Ratchet: - M1: Core types, CryptoProvider interface, KDF chain functions, SubtleCrypto+noble/curves provider, MemoryStorage - M2: X3DH key agreement (identity keys, signed prekeys, one-time prekeys, bundle processing for both initiator and responder) - M3: Double Ratchet (symmetric-key ratchet, DH ratchet, skipped message key cache, out-of-order delivery, AAD-bound headers) 68 tests, 0 failures — including full integration test of X3DH handshake → Double Ratchet conversation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-09 20:08:19 +02:00			`import type { IdentityKeyPair, SignedPreKey, OneTimePreKey, SessionState } from './types.js';`

			`/**`
			`* StorageProvider — abstract interface for persisting cryptographic state.`
			`*`
			`* Implementations per platform:`
			`* - In-memory (testing)`
			`* - IndexedDB (browser)`
			`* - SQLite/PostgreSQL (server)`
			`* - EncryptedSharedPreferences (Android)`
			`*/`
			`export interface StorageProvider {`
			`// ─── Identity ──────────────────────────────────────────────`

			`/** Get our local identity keypair, or null if not yet generated */`
			`getIdentityKeyPair(): Promise<IdentityKeyPair \| null>;`

			`/** Persist our local identity keypair */`
			`saveIdentityKeyPair(keyPair: IdentityKeyPair): Promise<void>;`

			`/** Get our local registration ID (unique per installation) */`
			`getLocalRegistrationId(): Promise<number>;`

			`/** Save our local registration ID */`
			`saveLocalRegistrationId(id: number): Promise<void>;`

			`// ─── Signed Pre-Keys ──────────────────────────────────────`

			`/** Get a signed prekey by ID */`
			`getSignedPreKey(keyId: number): Promise<SignedPreKey \| null>;`

			`/** Persist a signed prekey */`
			`saveSignedPreKey(key: SignedPreKey): Promise<void>;`

			`/** Remove a signed prekey (after rotation grace period) */`
			`removeSignedPreKey(keyId: number): Promise<void>;`

			`// ─── One-Time Pre-Keys ────────────────────────────────────`

			`/** Get a one-time prekey by ID */`
			`getOneTimePreKey(keyId: number): Promise<OneTimePreKey \| null>;`

			`/** Persist a one-time prekey */`
			`saveOneTimePreKey(key: OneTimePreKey): Promise<void>;`

			`/** Remove a consumed one-time prekey */`
			`removeOneTimePreKey(keyId: number): Promise<void>;`

			`/** Count remaining one-time prekeys */`
			`getOneTimePreKeyCount(): Promise<number>;`

			`// ─── Sessions ─────────────────────────────────────────────`

			`/** Get session state for a peer address (e.g. "device:abc123") */`
			`getSession(address: string): Promise<SessionState \| null>;`

			`/** Persist session state for a peer */`
			`saveSession(address: string, state: SessionState): Promise<void>;`

			`/** Remove session for a peer */`
			`removeSession(address: string): Promise<void>;`

			`/** Check if we trust a remote identity key (for TOFU or pinned keys) */`
			`isTrustedIdentity(address: string, identityKey: Uint8Array): Promise<boolean>;`

			`/** Save a trusted remote identity key */`
			`saveTrustedIdentity(address: string, identityKey: Uint8Array): Promise<void>;`
			`}`